So what is the hardest part of migrating 2200 logons to new home drives, new logons, and a new directory structure… getting everyone to take the first step. Here is why we had such a long pause:
We planned the best way to make the move
We created the script to make the move happen
We tested the migration and refined it until we could migrate with no unexpected issues
We presented our plan and schedule and… we had to get it approved through management.
So after 30 meetings, answering the questions of why this has to happen over and over, everyone now agrees and we can move on.
With that said, we started our conversions.
Here is a nifty script we used to find an accurate last logon for all users in a specific OU. Again, we are a 2003 domain, so we have to check all the domain controllers. This script goes through the domain controllers and picks the latest date.
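
An added example, not the author's original script: one way to do what is described above, using the .NET System.DirectoryServices classes so that it works against a 2003 domain without the ActiveDirectory module. It assumes PowerShell 2.0 or later on a domain-joined machine; the OU distinguished name is a placeholder.

```powershell
# Added example: latest lastLogon per user across every domain controller.
# $OuDn is a placeholder; pass the distinguished name of the OU to audit.
param(
    [string]$OuDn = 'OU=Example,DC=example,DC=local'
)

$domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$latest  = @{}   # sAMAccountName -> highest lastLogon FILETIME seen so far
$skipped = @()   # domain controllers that could not be queried

foreach ($dc in $domain.DomainControllers) {
    try {
        # Bind to the OU on this specific DC; lastLogon is not replicated.
        $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$OuDn")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
        $searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
        $searcher.PageSize = 1000   # page results so large OUs are not truncated
        [void]$searcher.PropertiesToLoad.Add('samaccountname')
        [void]$searcher.PropertiesToLoad.Add('lastlogon')

        $results = $searcher.FindAll()
        foreach ($r in $results) {
            $name  = [string]$r.Properties['samaccountname'][0]
            $stamp = [int64]0   # 0 means this DC has never seen a logon
            if ($r.Properties.Contains('lastlogon')) {
                $stamp = [int64]$r.Properties['lastlogon'][0]
            }
            if (-not $latest.ContainsKey($name) -or $stamp -gt $latest[$name]) {
                $latest[$name] = $stamp
            }
        }
        $results.Dispose()
    }
    catch {
        # An unreachable DC means the report may understate the true last logon.
        $skipped += $dc.Name
        Write-Warning "Could not query $($dc.Name): $($_.Exception.Message)"
    }
}

# Convert the winning FILETIME values to local dates and emit one object per user.
$latest.GetEnumerator() | Sort-Object Name | ForEach-Object {
    $when = if ($_.Value -gt 0) { [DateTime]::FromFileTime($_.Value) } else { 'Never' }
    New-Object PSObject -Property @{ User = $_.Key; LastLogon = $when }
}
if ($skipped) { Write-Warning "Incomplete: skipped $($skipped -join ', ')" }
```

If any domain controller is skipped, treat a "Never" or old date as unconfirmed before disabling the account.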

So we created AD objects with PowerShell and it was good. While the script took us a little while to create, and it probably could have been written better, it got the job accomplished. When we are writing scripts, I think it is important to remember we are not coders; we are not trying to write the perfect code or resell our code. If the job gets accomplished, our script was successful, especially if it does no harm in the process. So when writing AD scripts, be less concerned with the perfect code and more concerned with testing it in a place that will cause no harm.

Once you have a script that will get the job done, you can always post the script online, and trust me, people will point out where you went wrong. One good site to use that is helpful without being elitist is … www.scriptinganswers.com

We did not decide to change our Active Directory (AD) structure, as much as we were placed in a position where we would be stupid not to change the structure. Our HR/Payroll system wanted to go paperless, and to do so each employee would have to have an AD logon. Our logons were based on first initial + lastname + number 1-10. There was no way we could map from the HR/payroll system to our AD and back. So we opted to change everyone to use their employee number, a number that our HR system creates.

Since HR needed the new logons to be done and everyone converted in about 30 days, we opted to create a new logon based on employee number for everyone. Then we could move OU by OU, deleting the new employee number logon and changing the user's old logon to match. We found this kept us from having to create new profiles. We used third-party webpage software to allow the end user to reset their own password, since the HR software would not work if we set the account to change password on first login. (Note: accounts which went unchanged were disabled; we really had to push to get that one.)

The following is the PowerShell script we used to create all the HR accounts needed.